This file contains items that need doing before the next release:

Required:
- Security review:
  - write up security model used in classic tracker
  - ensure classic template actually implements the model detailed
- "Web Access" revocation needs work - the context should not be rendered
- should redefinitions of a permission keyed off (name, classname) generate
  an error or a warning? Something needs to be generated, as such
  occurrances are an error in the schema...
- check that the Provisional User example actually works as advertised

Optionally:
- clean up roundup.cgi (switch to config file, use proper logging, remove
  all the crap)
- have rdbms backends look up the journal for actor if it's not set
- migrate to numeric ID values (fixes bug 817217)
- configuration editing in Web User Interface: core config,
  standalone server config, detectors and extensions configurations
- refactor backends to have a common Database class that manages them all,
  allowing different Class implementations from differen backends in the
  one tracker. Once this is done, re-work the security stuff so that the
  roles attribute is a Multlilink and the security module defines the
  roles "class".
- include the test system in the binary distributions